Meet KyōfolioFeaturesResourcesPricing
Back to Resources
Privacy/Security

Privacy & Security

Learn how Kyōfolio protects your data, what information we collect, and what we do (and don't do) with it.

Updated January 22, 2026·6 min read
privacysecurity

We built Kyōfolio for people who put real life in their planner. That means the stuff you write down can be personal.

So here’s the simple version: your data is yours, and we take privacy and security seriously.

This page is a plain-English overview. For the legal version, see our Privacy Policy and Terms.

In this guide

  • What data Kyōfolio stores
  • How your data is protected
  • What we do (and don’t do) with your data
  • Your controls (delete, disconnect, export)
  • Common questions

What data Kyōfolio stores

Kyōfolio stores the minimum needed to provide the service.

Account information

  • Email address (for login + account communication)
  • Account preferences and settings (timezone, UI preferences, planning defaults)
  • Subscription status (trial, active, cancelled, etc.)

Payments: Billing is processed by Stripe. Kyōfolio does not store your full credit card number.

Planning data (your content)

  • Tasks, projects, and notes
  • Day plans and end-of-day review notes (if you use them)
  • Rhythms and completion history (if you use them)

Calendar connection data (if you connect a calendar)

Kyōfolio supports Google Calendar, iCloud, and ICS calendar links.

Kyōfolio imports calendar events read-only to give you planning context. We store only normalized event fields needed for display:

  • event name/title
  • event time
  • location
  • description
  • video link (if present)

Kyōfolio does not write back to your calendar.

Usage data (to keep the app working)

We collect limited operational data to maintain and improve Kyōfolio:

  • Error logs (Rollbar) to identify and fix bugs
  • Basic usage analytics (PostHog) to understand what features are working and where people get stuck

We do not send user-generated content (task titles, notes, project names, etc.) to analytics or error logging services.

How your data is protected

Kyōfolio is built with standard modern security practices.

In transit

  • Data is encrypted while traveling between your browser and Kyōfolio using HTTPS/TLS.

Access controls

  • Your data is protected by authentication and access controls so other users can’t see it.
  • Kyōfolio uses row-level security (RLS) on user data tables to enforce per-user data access.

Internal access (the human part)

  • I’m the only person with production access.
  • I use MFA and least-privilege access controls.
  • I do not access user data unless a user requests help with a specific issue. When debugging, I first attempt to reproduce problems on my own accounts.

Storage

Kyōfolio stores data in Supabase Postgres (managed database infrastructure). We use standard protections provided by the platform.

Note: We’re careful not to over-claim here. Encryption-at-rest depends on provider configuration and we’ll update this page as we verify and harden those settings.

Monitoring

We monitor reliability and errors so we can detect issues quickly and fix them.

We do not claim formal compliance or audits (SOC 2 / HIPAA / etc.) at this time.

What we do with your data

We use your data to operate Kyōfolio and improve the product:

  • Store and sync your planning data across devices
  • Provide planning features (Today, Canvas/Flow, Rhythms, Review, etc.)
  • Send essential account messages (billing status, service notices)
  • Troubleshoot issues when something breaks (when you ask us to)

We may also use aggregated, non-identifying signals (usage patterns) to:

  • improve the UI
  • prioritize features
  • reduce bugs and performance issues

What we don’t do

We don’t sell your data

  • We do not sell your personal information.
  • We do not sell your task content, notes, or planning history.

We don’t run ads or share your data for advertising

  • Kyōfolio is not an ad business.
  • We don’t share your data with third parties for targeted advertising.

We don’t share without a reason

We only share data with third parties when it’s necessary to run the service, such as:

  • payment processing (Stripe)
  • infrastructure hosting (Supabase)
  • error reporting (Rollbar)
  • analytics (PostHog)

And only to the extent required for those services.

We may also disclose information if required by law.

Your controls

Disconnect integrations

If you connect a calendar, you can disconnect it from within Kyōfolio. This stops future syncing.

When you disconnect a calendar, Kyōfolio is designed to delete previously imported calendar events from your account.

Note: If you ever see events remain after disconnecting, that’s a bug—not intended behavior—and we’d love to fix it.

Delete your account

You can delete your account from your profile settings.

When you delete your account:

  • your Kyōfolio data associated with that user is removed from the database immediately
  • your active subscription (if any) is canceled

Export your data

Kyōfolio does not have an export feature yet.

Export is on the roadmap. If you need your data before then, email us at [email protected] and we’ll help.

Data retention (plain English)

  • We keep your data while your account is active so the product can function.
  • When you delete your account, your data is removed immediately.

Backups:

  • Kyōfolio uses Supabase’s standard daily backups with a 7-day retention window.

This means that while your live account data is deleted immediately, backups may exist for up to 7 days as part of standard infrastructure operations.

Common questions

Who can see my planning data?

Only you—unless you choose to share it (screenshots, support messages, etc.). Kyōfolio is designed so other users cannot access your content.

Do you read my tasks or notes?

Kyōfolio does not read your tasks for advertising or sell your content.

As the developer, I can view user content directly in the database, but I do not access user data unless you request help with a specific issue. I try to reproduce issues using my own accounts first.

Is my data encrypted?

Data is encrypted in transit (HTTPS/TLS). Kyōfolio runs on managed infrastructure (Supabase Postgres) with standard protections. We’ll update this page as we verify specific encryption-at-rest settings in our environment.

Can I export everything?

Not yet. Export is on the roadmap. If you need your data now, email [email protected].

What happens to my data if Kyōfolio shuts down?

If Kyōfolio ever needs to shut down, we’ll provide at least 30 days notice and a way to export your data.

If possible, we’ll also attempt to keep the service available in a limited “read/export” mode for up to one year after shutdown is announced.